|
BitcoinGirl.Club
Legendary
Offline
Activity: 2954
Merit: 2785
Bitcoingirl 2 joined us 💓
|
|
September 04, 2023, 03:39:18 PM |
|
please pay attention and be very careful when using the many crypto apps that are available for your mobile phones.
I don't use any mobile wallet. Some exchanges app are installed on my phone but none of the exchange have even $100 from me. The email address I use in the mobile is a trough-away address, I don't mind if I receive emails from spammers in this inbox. But yes the emails that used in the exchanges accounts, are important to me. Although I really do not click links sent by even a known service unless I am expecting a link like verify login, approve withdrawal.
|
|
|
|
hopenotlate
Legendary
Offline
Activity: 3486
Merit: 1231
Top Crypto Casino
|
|
September 04, 2023, 03:48:43 PM |
|
All these increasingly sophisticated attack vectors is what prevents cryptocurrencies from truly being within the reach of everyone in everyday life. We must always be informed and updated to try to avoid the "arrows" that are thrown at us from all directions. It is discouraging to approach this rather complex world, invest some savings and then have it blown from under your nose.
|
|
|
|
Sim_card
|
|
September 04, 2023, 06:22:01 PM |
|
This attack is only for mobile phone users who have their exchange app in their phones and uses it. This shows that most crypto users uses mobile phones to have access to exchanges more than PC. We need to be very careful, especially those of us that prefer using mobile phones for our transactions since we are the target. It is very bad that scammers are looking for every means to steal from investors causing panic on the people. It is better than to stay away from links that we are not expecting and avoid clicking on them.
|
|
|
|
R |
▀▀▀▀▀▀▀██████▄▄ ████████████████ ▀▀▀▀█████▀▀▀█████ ████████▌███▐████ ▄▄▄▄█████▄▄▄█████ ████████████████ ▄▄▄▄▄▄▄██████▀▀ | LLBIT | | | 4,000+ GAMES███████████████████ ██████████▀▄▀▀▀████ ████████▀▄▀██░░░███ ██████▀▄███▄▀█▄▄▄██ ███▀▀▀▀▀▀█▀▀▀▀▀▀███ ██░░░░░░░░█░░░░░░██ ██▄░░░░░░░█░░░░░▄██ ███▄░░░░▄█▄▄▄▄▄████ ▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀ | █████████ ▀████████ ░░▀██████ ░░░░▀████ ░░░░░░███ ▄░░░░░███ ▀█▄▄▄████ ░░▀▀█████ ▀▀▀▀▀▀▀▀▀ | █████████ ░░░▀▀████ ██▄▄▀░███ █░░█▄░░██ ░████▀▀██ █░░█▀░░██ ██▀▀▄░███ ░░░▄▄████ ▀▀▀▀▀▀▀▀▀ |
| | | | | | .
| | | ▄▄████▄▄ ▀█▀▄▀▀▄▀█▀ ▄▄░░▄█░██░█▄░░▄▄ ▄▄█░▄▀█░▀█▄▄█▀░█▀▄░█▄▄ ▀▄█░███▄█▄▄█▄███░█▄▀ ▀▀█░░░▄▄▄▄░░░█▀▀ █░░██████░░█ █░░░░▀▀░░░░█ █▀▄▀▄▀▄▀▄▀▄█ ▄░█████▀▀█████░▄ ▄███████░██░███████▄ ▀▀██████▄▄██████▀▀ ▀▀████████▀▀ | . ▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄ ░▀▄░▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄░▄▀ ███▀▄▀█████████████████▀▄▀ █████▀▄░▄▄▄▄▄███░▄▄▄▄▄▄▀ ███████▀▄▀██████░█▄▄▄▄▄▄▄▄ █████████▀▄▄░███▄▄▄▄▄▄░▄▀ ████████████░███████▀▄▀ ████████████░██▀▄▄▄▄▀ ████████████░▀▄▀ ████████████▄▀ ███████████▀ | ▄▄███████▄▄ ▄████▀▀▀▀▀▀▀████▄ ▄███▀▄▄███████▄▄▀███▄ ▄██▀▄█▀▀▀█████▀▀▀█▄▀██▄ ▄██▀▄███░░░▀████░███▄▀██▄ ███░████░░░░░▀██░████░███ ███░████░█▄░░░░▀░████░███ ███░████░███▄░░░░████░███ ▀██▄▀███░█████▄░░███▀▄██▀ ▀██▄▀█▄▄▄██████▄██▀▄██▀ ▀███▄▀▀███████▀▀▄███▀ ▀████▄▄▄▄▄▄▄████▀ ▀▀███████▀▀ | | OFFICIAL PARTNERSHIP SOUTHAMPTON FC FAZE CLAN SSC NAPOLI |
|
|
|
Hispo
Legendary
Offline
Activity: 1386
Merit: 2388
Leading Crypto Sports Betting & Casino Platform
|
|
September 04, 2023, 11:42:14 PM |
|
This attack is only for mobile phone users who have their exchange app in their phones and uses it. This shows that most crypto users uses mobile phones to have access to exchanges more than PC. We need to be very careful, especially those of us that prefer using mobile phones for our transactions since we are the target. It is very bad that scammers are looking for every means to steal from investors causing panic on the people. It is better than to stay away from links that we are not expecting and avoid clicking on them.
To be fair, exchanges like Binance have been trying to catch up on the sophistication of this malware attacks, so only the actual owner of the account is able to withdraw Bitcoin off to a personal address. For example, there is 2 factor authentication with physical tokens (which the attacker wont have access to), there is also a feature called "white list"(addresses which the user is allowed to withdraw without going through harder verification), even if the person does not have a physical token to access their money, usually Binance requires three 2FA before approving an on-chain withdrawal: SMS to one's phone number, email confirmation and electronic token. It would would be quite a hassle for a hacker to get all of it, though I understand it is possible. The worst case scenario would be getting my satoshis exchanged for shitcoins.
|
..Stake.com.. | | | ▄████████████████████████████████████▄ ██ ▄▄▄▄▄▄▄▄▄▄ ▄▄▄▄▄▄▄▄▄▄ ██ ▄████▄ ██ ▀▀▀▀▀▀▀▀▀▀ ██████████ ▀▀▀▀▀▀▀▀▀▀ ██ ██████ ██ ██████████ ██ ██ ██████████ ██ ▀██▀ ██ ██ ██ ██████ ██ ██ ██ ██ ██ ██ ██████ ██ █████ ███ ██████ ██ ████▄ ██ ██ █████ ███ ████ ████ █████ ███ ████████ ██ ████ ████ ██████████ ████ ████ ████▀ ██ ██████████ ▄▄▄▄▄▄▄▄▄▄ ██████████ ██ ██ ▀▀▀▀▀▀▀▀▀▀ ██ ▀█████████▀ ▄████████████▄ ▀█████████▀ ▄▄▄▄▄▄▄▄▄▄▄▄███ ██ ██ ███▄▄▄▄▄▄▄▄▄▄▄▄ ██████████████████████████████████████████ | | | | | | ▄▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▄ █ ▄▀▄ █▀▀█▀▄▄ █ █▀█ █ ▐ ▐▌ █ ▄██▄ █ ▌ █ █ ▄██████▄ █ ▌ ▐▌ █ ██████████ █ ▐ █ █ ▐██████████▌ █ ▐ ▐▌ █ ▀▀██████▀▀ █ ▌ █ █ ▄▄▄██▄▄▄ █ ▌▐▌ █ █▐ █ █ █▐▐▌ █ █▐█ ▀▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▀█ | | | | | | ▄▄█████████▄▄ ▄██▀▀▀▀█████▀▀▀▀██▄ ▄█▀ ▐█▌ ▀█▄ ██ ▐█▌ ██ ████▄ ▄█████▄ ▄████ ████████▄███████████▄████████ ███▀ █████████████ ▀███ ██ ███████████ ██ ▀█▄ █████████ ▄█▀ ▀█▄ ▄██▀▀▀▀▀▀▀██▄ ▄▄▄█▀ ▀███████ ███████▀ ▀█████▄ ▄█████▀ ▀▀▀███▄▄▄███▀▀▀ | | | ..PLAY NOW.. |
|
|
|
sheenshane
Legendary
Offline
Activity: 2506
Merit: 1232
|
|
September 04, 2023, 11:59:07 PM |
|
Thanks for the heads up. We shouldn't use apps from unknown sources and this proves that using mobile isn't safe at all when it comes to the crypto wallet or any valuable stuff, it's always prone to malware infection since we usually use our phones daily. So this could be sent through links right? As I can see this article it seems there are too many ways you might be affected.
|
|
|
|
joniboini
Legendary
Offline
Activity: 2366
Merit: 1805
|
|
September 05, 2023, 02:25:30 AM |
|
As I can see this article it seems there are too many ways you might be affected. At the very least one group distributes this malware using a debugging tool[1], probably by packaging it through some debugging tool for those who are interested on Android debugging. It is also possible that is spread through the Google Play Store as usual since they are terrible at filtering malware apps. Just recently there are fake Telegram and Signal apps being removed because they contain malware[[2]. CMIIW. [1] https://www.theregister.com/2023/08/31/sandworm_infamous_chisel/[2] https://www.welivesecurity.com/en/eset-research/badbazaar-espionage-tool-targets-android-users-trojanized-signal-telegram-apps/
|
| CHIPS.GG | | | ▄▄███████▄▄ ▄████▀▀▀▀▀▀▀████▄ ▄███▀░▄░▀▀▀▀▀░▄░▀███▄ ▄███░▄▀░░░░░░░░░▀▄░███▄ ▄███░▄░░░▄█████▄░░░▄░███▄ ███░▄▀░░░███████░░░▀▄░███ ███░█░░░▀▀▀▀▀░░░▀░░░█░███ ███░▀▄░▄▀░▄██▄▄░▀▄░▄▀░███ ▀███░▀░▀▄██▀░▀██▄▀░▀░███▀ ▀███░▀▄░░░░░░░░░▄▀░███▀ ▀███▄░▀░▄▄▄▄▄░▀░▄███▀ ▀████▄▄▄▄▄▄▄████▀ █████████████████████████ | | ▄▄███████▄▄ ▄███████████████▄ ▄█▀▀▀▄█████████▄▀▀▀█▄ ▄██████▀▄█▄▄▄█▄▀██████▄ ▄████████▄█████▄████████▄ ████████▄███████▄████████ ███████▄█████████▄███████ ███▄▄▀▀█▀▀█████▀▀█▀▀▄▄███ ▀█████████▀▀██▀█████████▀ ▀█████████████████████▀ ▀███████████████████▀ ▀████▄▄███▄▄████▀ ████████████████████████ | | 3000+ UNIQUE GAMES | | | 12+ CURRENCIES ACCEPTED | | | VIP REWARD PROGRAM | | ◥ | Play Now |
|
|
|
Yamane_Keto
|
|
September 05, 2023, 06:37:49 AM |
|
The report is 35 pages long, so I only read part of it, but do these applications need malware to steal your data? Binance, Coinbase, PayPal and Trust Wallet. They are all closed source services, and no one knows the data they collect about you, and the report did not mention an open source wallet. IC allows access to infected devices, whose message traffic it monitors and siphons off data at regular intervals. the stolen data also includes information about crypto wallets and exchange accounts. affected are said to be: Binance, Coinbase, PayPal and Trust Wallet.
If we assume that there are open source wallets, Android operating system contains features to enhance privacy, although it is better to run a full node on any Linux OS. according to report information is written to the various files in the /data/local is affected, this means that electrum is not affected. • com.brave.browser • com.opera.browser • com.paypal.android.p2pmobile • com.binance.dev • com.coinbase.android • com.wallet.crypto.trustapp • org.mozilla.firefox • com.whatsapp • org.telegram.messenger • org.telegram.messenger.web • com.discord
|
えいごをはなせますか。
|
|
|
joniboini
Legendary
Offline
Activity: 2366
Merit: 1805
|
|
September 06, 2023, 02:56:49 AM |
|
according to report information is written to the various files in the /data/local is affected, this means that electrum is not affected.
Is it possible that the attacker rewrote the code to specifically target Electrum devices, or just expand their attack targets in general? Even if that is not possible, it is still unsafe to keep running your Electrum on an infected devices. Who knows what kind of malware it will download in the future, not to mention they still collect data about you regardless of what wallet you use.
|
| CHIPS.GG | | | ▄▄███████▄▄ ▄████▀▀▀▀▀▀▀████▄ ▄███▀░▄░▀▀▀▀▀░▄░▀███▄ ▄███░▄▀░░░░░░░░░▀▄░███▄ ▄███░▄░░░▄█████▄░░░▄░███▄ ███░▄▀░░░███████░░░▀▄░███ ███░█░░░▀▀▀▀▀░░░▀░░░█░███ ███░▀▄░▄▀░▄██▄▄░▀▄░▄▀░███ ▀███░▀░▀▄██▀░▀██▄▀░▀░███▀ ▀███░▀▄░░░░░░░░░▄▀░███▀ ▀███▄░▀░▄▄▄▄▄░▀░▄███▀ ▀████▄▄▄▄▄▄▄████▀ █████████████████████████ | | ▄▄███████▄▄ ▄███████████████▄ ▄█▀▀▀▄█████████▄▀▀▀█▄ ▄██████▀▄█▄▄▄█▄▀██████▄ ▄████████▄█████▄████████▄ ████████▄███████▄████████ ███████▄█████████▄███████ ███▄▄▀▀█▀▀█████▀▀█▀▀▄▄███ ▀█████████▀▀██▀█████████▀ ▀█████████████████████▀ ▀███████████████████▀ ▀████▄▄███▄▄████▀ ████████████████████████ | | 3000+ UNIQUE GAMES | | | 12+ CURRENCIES ACCEPTED | | | VIP REWARD PROGRAM | | ◥ | Play Now |
|
|
|
Yamane_Keto
|
|
September 06, 2023, 08:19:26 AM |
|
Is it possible that the attacker rewrote the code to specifically target Electrum devices, or just expand their attack targets in general? Even if that is not possible, it is still unsafe to keep running your Electrum on an infected devices. Who knows what kind of malware it will download in the future, not to mention they still collect data about you regardless of what wallet you use.
It's all possible but Binance, Coinbase, PayPal and Trust Wallet don't care about customer privacy and I think they will exploit such attacks as evidence that if users' data is leaked, they can easily say that the reason is Infamous Chisel (malware) just as they do with third party applications that share data With them. and you need root privileges to access electrum files.
|
えいごをはなせますか。
|
|
|
UmerIdrees
|
|
September 07, 2023, 12:56:35 AM |
|
the stolen data also includes information about crypto wallets and exchange accounts. affected are said to be: Binance, Coinbase, PayPal and Trust Wallet.
I am not too worried about the exchanges app because no one can log in, until it is authenticated by the 2fa and the same goes for the withdrawals (also i do not keep much funds in the exchanges) but my real concern is in other walllets like Trust wallet. Are you sure the open source wallet like Unstoppable on my andriod phone is not affected and is save? Also, wallet like Unstoppable does not have a desktop version so the only option to use them is on the Android or iOS device. So what are the tips for using them ? Also for this malware to get activated, you need to click on any suspicious link and it gets downloaded Anyone using the phone with care, not clicking unknown links may be safe from this attack ?
|
|
|
|
joniboini
Legendary
Offline
Activity: 2366
Merit: 1805
|
|
September 07, 2023, 01:49:33 AM |
|
and you need root privileges to access electrum files.
Not sure how root access is being processed if your device is infected with malware. Regardless of whether it is possible or not, using a secure device should be the priority for most users. Are you sure the open source wallet like Unstoppable on my andriod phone is not affected and is save? Also, wallet like Unstoppable does not have a desktop version so the only option to use them is on the Android or iOS device. So what are the tips for using them ? Also for this malware to get activated, you need to click on any suspicious link and it gets downloaded Anyone using the phone with care, not clicking unknown links may be safe from this attack ? The best protection is to use a secure device as mentioned above. Whether the malware will target new open-source wallets or not, you should be able to prevent any hack if you don't click on malicious links. For this specific malware, the distribution method is quite unclear based on the news that I've read. Safe to assume it is distributed through similar means like fake app downloads, phishing links, etc. If you use a phone as your main device, then you should focus more on improving your security practices. At the end of the day, you should make sure your device is free from malware etc regardless if you use a crypto wallet or not.
|
| CHIPS.GG | | | ▄▄███████▄▄ ▄████▀▀▀▀▀▀▀████▄ ▄███▀░▄░▀▀▀▀▀░▄░▀███▄ ▄███░▄▀░░░░░░░░░▀▄░███▄ ▄███░▄░░░▄█████▄░░░▄░███▄ ███░▄▀░░░███████░░░▀▄░███ ███░█░░░▀▀▀▀▀░░░▀░░░█░███ ███░▀▄░▄▀░▄██▄▄░▀▄░▄▀░███ ▀███░▀░▀▄██▀░▀██▄▀░▀░███▀ ▀███░▀▄░░░░░░░░░▄▀░███▀ ▀███▄░▀░▄▄▄▄▄░▀░▄███▀ ▀████▄▄▄▄▄▄▄████▀ █████████████████████████ | | ▄▄███████▄▄ ▄███████████████▄ ▄█▀▀▀▄█████████▄▀▀▀█▄ ▄██████▀▄█▄▄▄█▄▀██████▄ ▄████████▄█████▄████████▄ ████████▄███████▄████████ ███████▄█████████▄███████ ███▄▄▀▀█▀▀█████▀▀█▀▀▄▄███ ▀█████████▀▀██▀█████████▀ ▀█████████████████████▀ ▀███████████████████▀ ▀████▄▄███▄▄████▀ ████████████████████████ | | 3000+ UNIQUE GAMES | | | 12+ CURRENCIES ACCEPTED | | | VIP REWARD PROGRAM | | ◥ | Play Now |
|
|
|
m2017
Legendary
Offline
Activity: 1988
Merit: 1402
Playbet.io - Crypto Casino and Sportsbook
|
|
September 07, 2023, 04:18:47 PM |
|
Well, another reason to avoid mobile crypto wallets. Crypto traders rush to buy Apple smartphones. After all, they were not struck by this infection, right. Modern laptops (netbooks) are compact in size, which allows to work with cryptocurrencies almost anywhere in the world and allow to build a safe line of defense on device. Why use mobile phones to interact with cryptocurrencies when doing so is risky? I also think it's reckless.
|
|
|
|
mk4
Legendary
Offline
Activity: 2926
Merit: 3881
📟 t3rminal.xyz
|
|
September 08, 2023, 06:55:47 AM |
|
Well, another reason to avoid mobile crypto wallets. Crypto traders rush to buy Apple smartphones. After all, they were not struck by this infection, right. Modern laptops (netbooks) are compact in size, which allows to work with cryptocurrencies almost anywhere in the world and allow to build a safe line of defense on device. Why use mobile phones to interact with cryptocurrencies when doing so is risky? I also think it's reckless. Simply because of convenience. Mobile wallets aren't necessarily bad despite the risks in the first place. Like, why use your physical pocket wallet knowing that you can risk losing it? Exactly, you use your mobile wallet for smaller amounts of funds so it's easily accessible when on-the-go; if you're fortunate enough to be in a country with bitcoin/crypto-supported payments.
|
|
|
|
satscraper
|
|
September 12, 2023, 07:52:01 AM |
|
Well, another reason to avoid mobile crypto wallets. Crypto traders rush to buy Apple smartphones. After all, they were not struck by this infection, right. Modern laptops (netbooks) are compact in size, which allows to work with cryptocurrencies almost anywhere in the world and allow to build a safe line of defense on device. Why use mobile phones to interact with cryptocurrencies when doing so is risky? I also think it's reckless. Apple devices are also vulnerable and should not be considered as the secure stronghold of cryptocurrencies safety. Just a couple of days ago the security experts have found multiple vulnerabilities in Apple products that allows not authorized penetrations into devices and execution of arbitrary codes. Regarding Android's devices, the list of the latest vulnerabilities found is revealed by Google in its September security bulletin.
|
| | . .Duelbits. | │ | ..........UNLEASH.......... THE ULTIMATE GAMING EXPERIENCE | │ | DUELBITS FANTASY SPORTS | ████▄▄▄█████▄▄▄ ░▄████████████████▄ ▐██████████████████▄ ████████████████████ ████████████████████▌ █████████████████████ ████████████████▀▀▀ ███████████████▌ ███████████████▌ ████████████████ ████████████████ ████████████████ ████▀▀███████▀▀ | . ▬▬ VS ▬▬ | ████▄▄▄█████▄▄▄ ░▄████████████████▄ ▐██████████████████▄ ████████████████████ ████████████████████▌ █████████████████████ ███████████████████ ███████████████▌ ███████████████▌ ████████████████ ████████████████ ████████████████ ████▀▀███████▀▀ | /// PLAY FOR FREE /// WIN FOR REAL | │ | ..PLAY NOW.. | |
|
|
|
|